Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
354
Views
0
Helpful
3
Replies

MSS inconsistencies on SMTP communication

dmooreami
Level 3
Level 3

‎07-28-2008 10:18 AM - edited ‎03-11-2019 06:21 AM

Getting a FLOOD, huge flood of

" reason: MSS exceeded, MSS 1300, data 1360" on Port 25

running Pix 7.0.4 code.

What is up with this? Have seen some of these in the past, but nothing like the 1 to 3 every second. I think someone is trying to run a SMTP exploit on my port 25. I am not getting these on port 80. Also have not had this huge amount of MSS reject in the past.

Suggestions?

Labels:
0 Helpful
3 Replies 3

Farrukh Haroon
VIP Alumni
VIP Alumni

‎07-28-2008 11:13 AM

This is rarely caused by exploits, this usually problems with the TCP settings on the server/client etc. Have a look at:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml

As you see Cisco has changed the default from 'deny' to 'allow' due to excessive user complaints starting from release 7.2(4)

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/ef_72.html#wp1758645

Regards

Farrukh

0 Helpful

dmooreami
Level 3
Level 3
In response to Farrukh Haroon

‎07-28-2008 11:19 AM

Tech note applies to http sites. I am having an issue with port 25 inbound. My quesiton is can I apply the same to port 25 to bypass the MSS messages.

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to dmooreami

‎07-28-2008 11:31 AM

Yes why not.

Regards

Farrukh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card